OLD | NEW |
---|---|
1 /* | 1 /* |
2 * This file is PRIVATE to SSL and should be the first thing included by | 2 * This file is PRIVATE to SSL and should be the first thing included by |
3 * any SSL implementation file. | 3 * any SSL implementation file. |
4 * | 4 * |
5 * ***** BEGIN LICENSE BLOCK ***** | 5 * ***** BEGIN LICENSE BLOCK ***** |
6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
7 * | 7 * |
8 * The contents of this file are subject to the Mozilla Public License Version | 8 * The contents of this file are subject to the Mozilla Public License Version |
9 * 1.1 (the "License"); you may not use this file except in compliance with | 9 * 1.1 (the "License"); you may not use this file except in compliance with |
10 * the License. You may obtain a copy of the License at | 10 * the License. You may obtain a copy of the License at |
55 #include "sslerr.h" | 55 #include "sslerr.h" |
56 #include "ssl3prot.h" | 56 #include "ssl3prot.h" |
57 #include "hasht.h" | 57 #include "hasht.h" |
58 #include "nssilock.h" | 58 #include "nssilock.h" |
59 #include "pkcs11t.h" | 59 #include "pkcs11t.h" |
60 #if defined(XP_UNIX) || defined(XP_BEOS) | 60 #if defined(XP_UNIX) || defined(XP_BEOS) |
61 #include "unistd.h" | 61 #include "unistd.h" |
62 #endif | 62 #endif |
63 #include "nssrwlk.h" | 63 #include "nssrwlk.h" |
64 #include "prthread.h" | 64 #include "prthread.h" |
65 #include "prclist.h" | |
65 | 66 |
66 #include "sslt.h" /* for some formerly private types, now public */ | 67 #include "sslt.h" /* for some formerly private types, now public */ |
67 | 68 |
68 #ifdef NSS_PLATFORM_CLIENT_AUTH | 69 #ifdef NSS_PLATFORM_CLIENT_AUTH |
69 #if defined(XP_WIN32) | 70 #if defined(XP_WIN32) |
70 #include <windows.h> | 71 #include <windows.h> |
71 #include <wincrypt.h> | 72 #include <wincrypt.h> |
72 #elif defined(XP_MACOSX) | 73 #elif defined(XP_MACOSX) |
73 #include <Security/Security.h> | 74 #include <Security/Security.h> |
74 #endif | 75 #endif |
188 #else | 189 #else |
189 #define SSL3_SUPPORTED_CURVES_MASK 0x3fffffe | 190 #define SSL3_SUPPORTED_CURVES_MASK 0x3fffffe |
190 #endif | 191 #endif |
191 | 192 |
192 #ifndef BPB | 193 #ifndef BPB |
193 #define BPB 8 /* Bits Per Byte */ | 194 #define BPB 8 /* Bits Per Byte */ |
194 #endif | 195 #endif |
195 | 196 |
196 #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ | 197 #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ |
197 | 198 |
199 #define INITIAL_DTLS_TIMEOUT_MS 1000 /* Default value from RFC 4347 = 1s*/ | |
200 #define MAX_DTLS_TIMEOUT_MS 60000 /* 1 minute */ | |
201 #define DTLS_FINISHED_TIMER 120000 /* Time to wait in FINISHED state */ | |
wtc
2012/03/21 01:22:07
DTLS_FINISHED_TIMER is larger than MAX_DTLS_TIMEOU
wtc
2012/03/21 01:22:07
Nit: it would be nice to standardize on one of "TI
ekr
2012/03/21 01:36:40
No. MAX_DTLS_TIMEOUT_MS is the biggest timer we ba
ekr
2012/03/21 01:36:40
Good point.
| |
202 | |
198 typedef struct sslBufferStr sslBuffer; | 203 typedef struct sslBufferStr sslBuffer; |
199 typedef struct sslConnectInfoStr sslConnectInfo; | 204 typedef struct sslConnectInfoStr sslConnectInfo; |
200 typedef struct sslGatherStr sslGather; | 205 typedef struct sslGatherStr sslGather; |
201 typedef struct sslSecurityInfoStr sslSecurityInfo; | 206 typedef struct sslSecurityInfoStr sslSecurityInfo; |
202 typedef struct sslSessionIDStr sslSessionID; | 207 typedef struct sslSessionIDStr sslSessionID; |
203 typedef struct sslSocketStr sslSocket; | 208 typedef struct sslSocketStr sslSocket; |
204 typedef struct sslSocketOpsStr sslSocketOps; | 209 typedef struct sslSocketOpsStr sslSocketOps; |
205 | 210 |
206 typedef struct ssl3StateStr ssl3State; | 211 typedef struct ssl3StateStr ssl3State; |
207 typedef struct ssl3CertNodeStr ssl3CertNode; | 212 typedef struct ssl3CertNodeStr ssl3CertNode; |
280 int (*read) (sslSocket *, unsigned char *, int); | 285 int (*read) (sslSocket *, unsigned char *, int); |
281 int (*write) (sslSocket *, const unsigned char *, int); | 286 int (*write) (sslSocket *, const unsigned char *, int); |
282 | 287 |
283 int (*getpeername)(sslSocket *, PRNetAddr *); | 288 int (*getpeername)(sslSocket *, PRNetAddr *); |
284 int (*getsockname)(sslSocket *, PRNetAddr *); | 289 int (*getsockname)(sslSocket *, PRNetAddr *); |
285 }; | 290 }; |
286 | 291 |
287 /* Flags interpreted by ssl send functions. */ | 292 /* Flags interpreted by ssl send functions. */ |
288 #define ssl_SEND_FLAG_FORCE_INTO_BUFFER 0x40000000 | 293 #define ssl_SEND_FLAG_FORCE_INTO_BUFFER 0x40000000 |
289 #define ssl_SEND_FLAG_NO_BUFFER 0x20000000 | 294 #define ssl_SEND_FLAG_NO_BUFFER 0x20000000 |
295 #define ssl_SEND_FLAG_USE_EPOCH 0x10000000 /* DTLS only */ | |
296 #define ssl_SEND_FLAG_NO_RETRANSMIT 0x08000000 /* DTLS only */ | |
290 #define ssl_SEND_FLAG_MASK 0x7f000000 | 297 #define ssl_SEND_FLAG_MASK 0x7f000000 |
291 | 298 |
292 /* | 299 /* |
293 ** A buffer object. | 300 ** A buffer object. |
294 */ | 301 */ |
295 struct sslBufferStr { | 302 struct sslBufferStr { |
296 unsigned char * buf; | 303 unsigned char * buf; |
297 unsigned int len; | 304 unsigned int len; |
298 unsigned int space; | 305 unsigned int space; |
299 }; | 306 }; |
375 ** These values are each 1 greater than the NSPR values, and the code | 382 ** These values are each 1 greater than the NSPR values, and the code |
376 ** depends on that relation to efficiently convert PR_SHUTDOWN values | 383 ** depends on that relation to efficiently convert PR_SHUTDOWN values |
377 ** into ssl_SHUTDOWN values. These values use one bit for read, and | 384 ** into ssl_SHUTDOWN values. These values use one bit for read, and |
378 ** another bit for write, and can be used as bitmasks. | 385 ** another bit for write, and can be used as bitmasks. |
379 */ | 386 */ |
380 #define ssl_SHUTDOWN_NONE 0 /* NOT shutdown at all */ | 387 #define ssl_SHUTDOWN_NONE 0 /* NOT shutdown at all */ |
381 #define ssl_SHUTDOWN_RCV 1 /* PR_SHUTDOWN_RCV +1 */ | 388 #define ssl_SHUTDOWN_RCV 1 /* PR_SHUTDOWN_RCV +1 */ |
382 #define ssl_SHUTDOWN_SEND 2 /* PR_SHUTDOWN_SEND +1 */ | 389 #define ssl_SHUTDOWN_SEND 2 /* PR_SHUTDOWN_SEND +1 */ |
383 #define ssl_SHUTDOWN_BOTH 3 /* PR_SHUTDOWN_BOTH +1 */ | 390 #define ssl_SHUTDOWN_BOTH 3 /* PR_SHUTDOWN_BOTH +1 */ |
384 | 391 |
392 | |
385 /* | 393 /* |
386 ** A gather object. Used to read some data until a count has been | 394 ** A gather object. Used to read some data until a count has been |
387 ** satisfied. Primarily for support of async sockets. | 395 ** satisfied. Primarily for support of async sockets. |
388 ** Everything in here is protected by the recvBufLock. | 396 ** Everything in here is protected by the recvBufLock. |
389 */ | 397 */ |
390 struct sslGatherStr { | 398 struct sslGatherStr { |
391 int state; /* see GS_ values below. */ /* ssl 2 & 3 */ | 399 int state; /* see GS_ values below. */ /* ssl 2 & 3 */ |
392 | 400 |
393 /* "buf" holds received plaintext SSL records, after decrypt and MAC check. | 401 /* "buf" holds received plaintext SSL records, after decrypt and MAC check. |
394 * SSL2: recv'd ciphertext records are put here, then decrypted in place. | 402 * SSL2: recv'd ciphertext records are put here, then decrypted in place. |
441 unsigned int writeOffset; | 449 unsigned int writeOffset; |
442 | 450 |
443 /* Buffer for ssl3 to read (encrypted) data from the socket */ | 451 /* Buffer for ssl3 to read (encrypted) data from the socket */ |
444 sslBuffer inbuf; /*recvBufLock*/ /* ssl3 only */ | 452 sslBuffer inbuf; /*recvBufLock*/ /* ssl3 only */ |
445 | 453 |
446 /* The ssl[23]_GatherData functions read data into this buffer, rather | 454 /* The ssl[23]_GatherData functions read data into this buffer, rather |
447 ** than into buf or inbuf, while in the GS_HEADER state. | 455 ** than into buf or inbuf, while in the GS_HEADER state. |
448 ** The portion of the SSL record header put here always comes off the wire | 456 ** The portion of the SSL record header put here always comes off the wire |
449 ** as plaintext, never ciphertext. | 457 ** as plaintext, never ciphertext. |
450 ** For SSL2, the plaintext portion is two bytes long. For SSl3 it is 5. | 458 ** For SSL2, the plaintext portion is two bytes long. For SSl3 it is 5. |
451 */ | 459 ** For DTLS it is 13 |
452 unsigned char hdr[5];» » » » » /* ssl 2 & 3 */ | 460 */ |
461 unsigned char hdr[13];» » » » » /* ssl 2 & 3, or dtls */ | |
462 | |
463 /* Buffer for DTLS data read off the wire as a single datagram */ | |
464 sslBuffer dtlsPacket; | |
465 | |
466 /* the start of the buffered DTLS record in dtlsPacket */ | |
467 unsigned int dtlsPacketOffset; | |
453 }; | 468 }; |
454 | 469 |
455 /* sslGather.state */ | 470 /* sslGather.state */ |
456 #define GS_INIT 0 | 471 #define GS_INIT 0 |
457 #define GS_HEADER 1 | 472 #define GS_HEADER 1 |
458 #define GS_MAC 2 | 473 #define GS_MAC 2 |
459 #define GS_DATA 3 | 474 #define GS_DATA 3 |
460 #define GS_PAD 4 | 475 #define GS_PAD 4 |
461 | 476 |
462 typedef SECStatus (*SSLCipher)(void * context, | 477 typedef SECStatus (*SSLCipher)(void * context, |
514 #define MAX_IV_LENGTH 24 | 529 #define MAX_IV_LENGTH 24 |
515 | 530 |
516 /* | 531 /* |
517 * Do not depend upon 64 bit arithmetic in the underlying machine. | 532 * Do not depend upon 64 bit arithmetic in the underlying machine. |
518 */ | 533 */ |
519 typedef struct { | 534 typedef struct { |
520 PRUint32 high; | 535 PRUint32 high; |
521 PRUint32 low; | 536 PRUint32 low; |
522 } SSL3SequenceNumber; | 537 } SSL3SequenceNumber; |
523 | 538 |
539 typedef PRUint16 DTLSEpoch; | |
540 | |
541 typedef void (*DtlsTimerCb)(sslSocket *); | |
542 | |
524 #define MAX_MAC_CONTEXT_BYTES 400 | 543 #define MAX_MAC_CONTEXT_BYTES 400 |
525 #define MAX_MAC_CONTEXT_LLONGS (MAX_MAC_CONTEXT_BYTES / 8) | 544 #define MAX_MAC_CONTEXT_LLONGS (MAX_MAC_CONTEXT_BYTES / 8) |
526 | 545 |
527 #define MAX_CIPHER_CONTEXT_BYTES 2080 | 546 #define MAX_CIPHER_CONTEXT_BYTES 2080 |
528 #define MAX_CIPHER_CONTEXT_LLONGS (MAX_CIPHER_CONTEXT_BYTES / 8) | 547 #define MAX_CIPHER_CONTEXT_LLONGS (MAX_CIPHER_CONTEXT_BYTES / 8) |
529 | 548 |
530 typedef struct { | 549 typedef struct { |
531 SSL3Opaque client_write_iv [24]; | 550 SSL3Opaque client_write_iv [24]; |
532 SSL3Opaque server_write_iv [24]; | 551 SSL3Opaque server_write_iv [24]; |
533 SSL3Opaque wrapped_master_secret [48]; | 552 SSL3Opaque wrapped_master_secret [48]; |
534 PRUint16 wrapped_master_secret_len; | 553 PRUint16 wrapped_master_secret_len; |
535 PRUint8 msIsWrapped; | 554 PRUint8 msIsWrapped; |
536 PRUint8 resumable; | 555 PRUint8 resumable; |
537 } ssl3SidKeys; /* 100 bytes */ | 556 } ssl3SidKeys; /* 100 bytes */ |
538 | 557 |
539 typedef struct { | 558 typedef struct { |
540 PK11SymKey *write_key; | 559 PK11SymKey *write_key; |
541 PK11SymKey *write_mac_key; | 560 PK11SymKey *write_mac_key; |
542 PK11Context *write_mac_context; | 561 PK11Context *write_mac_context; |
543 SECItem write_key_item; | 562 SECItem write_key_item; |
544 SECItem write_iv_item; | 563 SECItem write_iv_item; |
545 SECItem write_mac_key_item; | 564 SECItem write_mac_key_item; |
546 SSL3Opaque write_iv[MAX_IV_LENGTH]; | 565 SSL3Opaque write_iv[MAX_IV_LENGTH]; |
547 PRUint64 cipher_context[MAX_CIPHER_CONTEXT_LLONGS]; | 566 PRUint64 cipher_context[MAX_CIPHER_CONTEXT_LLONGS]; |
548 } ssl3KeyMaterial; | 567 } ssl3KeyMaterial; |
549 | 568 |
569 | |
570 /* The DTLS anti-replay window. Defined here because we need it in | |
571 the cipher spec. Note that this is a ring buffer but left and | |
572 right represent the true window, with modular arithmetic | |
573 used to mape them onto the buffer. | |
574 */ | |
575 #define DTLS_RECVD_RECORDS_WINDOW 1024 /* Packets; approximate | |
576 * Must be divisible by 8 | |
577 **/ | |
578 typedef struct DTLSRecvdRecordsStr { | |
579 unsigned char data[DTLS_RECVD_RECORDS_WINDOW/8]; | |
580 PRUint64 left; | |
581 PRUint64 right; | |
582 } DTLSRecvdRecords; | |
583 | |
550 /* | 584 /* |
551 ** These are the "specs" in the "ssl3" struct. | 585 ** These are the "specs" in the "ssl3" struct. |
552 ** Access to the pointers to these specs, and all the specs' contents | 586 ** Access to the pointers to these specs, and all the specs' contents |
553 ** (direct and indirect) is protected by the reader/writer lock ss->specLock. | 587 ** (direct and indirect) is protected by the reader/writer lock ss->specLock. |
554 */ | 588 */ |
555 typedef struct { | 589 typedef struct { |
556 const ssl3BulkCipherDef *cipher_def; | 590 const ssl3BulkCipherDef *cipher_def; |
557 const ssl3MACDef * mac_def; | 591 const ssl3MACDef * mac_def; |
558 SSLCompressionMethod compression_method; | 592 SSLCompressionMethod compression_method; |
559 int mac_size; | 593 int mac_size; |
575 SSL3SequenceNumber read_seq_num; | 609 SSL3SequenceNumber read_seq_num; |
576 SSL3ProtocolVersion version; | 610 SSL3ProtocolVersion version; |
577 ssl3KeyMaterial client; | 611 ssl3KeyMaterial client; |
578 ssl3KeyMaterial server; | 612 ssl3KeyMaterial server; |
579 SECItem msItem; | 613 SECItem msItem; |
580 unsigned char key_block[NUM_MIXERS * MD5_LENGTH]; | 614 unsigned char key_block[NUM_MIXERS * MD5_LENGTH]; |
581 unsigned char raw_master_secret[56]; | 615 unsigned char raw_master_secret[56]; |
582 SECItem srvVirtName; /* for server: name that was negotiated | 616 SECItem srvVirtName; /* for server: name that was negotiated |
583 * with a client. For client - is | 617 * with a client. For client - is |
584 * always set to NULL.*/ | 618 * always set to NULL.*/ |
619 DTLSEpoch epoch; | |
620 DTLSRecvdRecords recvdRecords; | |
585 } ssl3CipherSpec; | 621 } ssl3CipherSpec; |
586 | 622 |
587 typedef enum { never_cached, | 623 typedef enum { never_cached, |
588 in_client_cache, | 624 in_client_cache, |
589 in_server_cache, | 625 in_server_cache, |
590 invalid_cache /* no longer in any cache. */ | 626 invalid_cache /* no longer in any cache. */ |
591 } Cached; | 627 } Cached; |
592 | 628 |
593 #define MAX_PEER_CERT_CHAIN_SIZE 8 | 629 #define MAX_PEER_CERT_CHAIN_SIZE 8 |
594 | 630 |
770 * Names data is not coppied from the input buffer. It can not be | 806 * Names data is not coppied from the input buffer. It can not be |
771 * used outside the scope where input buffer is defined and that | 807 * used outside the scope where input buffer is defined and that |
772 * is beyond ssl3_HandleClientHello function. */ | 808 * is beyond ssl3_HandleClientHello function. */ |
773 SECItem *sniNameArr; | 809 SECItem *sniNameArr; |
774 PRUint32 sniNameArrSize; | 810 PRUint32 sniNameArrSize; |
775 }; | 811 }; |
776 | 812 |
777 typedef SECStatus (*sslRestartTarget)(sslSocket *); | 813 typedef SECStatus (*sslRestartTarget)(sslSocket *); |
778 | 814 |
779 /* | 815 /* |
816 ** A DTLS Queued message (potentially to be retransmitted) | |
817 */ | |
818 typedef struct DTLSQueuedMessageStr { | |
819 PRCList link; /* The linked list link */ | |
820 DTLSEpoch epoch; /* The epoch to use */ | |
821 SSL3ContentType type; /* The message type */ | |
822 unsigned char *data; /* The data */ | |
823 PRUint16 len; /* The data length */ | |
824 } DTLSQueuedMessage; | |
825 | |
826 /* | |
780 ** This is the "hs" member of the "ssl3" struct. | 827 ** This is the "hs" member of the "ssl3" struct. |
781 ** This entire struct is protected by ssl3HandshakeLock | 828 ** This entire struct is protected by ssl3HandshakeLock |
782 */ | 829 */ |
783 typedef struct SSL3HandshakeStateStr { | 830 typedef struct SSL3HandshakeStateStr { |
784 SSL3Random server_random; | 831 SSL3Random server_random; |
785 SSL3Random client_random; | 832 SSL3Random client_random; |
786 SSL3WaitState ws; | 833 SSL3WaitState ws; |
787 PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS]; | 834 PRUint64 md5_cx[MAX_MAC_CONTEXT_LLONGS]; |
788 PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; | 835 PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; |
789 PK11Context * md5; /* handshake running hashes */ | 836 PK11Context * md5; /* handshake running hashes */ |
824 PRUint32 negotiatedECCurves; /* bit mask */ | 871 PRUint32 negotiatedECCurves; /* bit mask */ |
825 #endif /* NSS_ENABLE_ECC */ | 872 #endif /* NSS_ENABLE_ECC */ |
826 | 873 |
827 PRBool authCertificatePending; | 874 PRBool authCertificatePending; |
828 /* Which function should SSL_RestartHandshake* call if we're blocked? | 875 /* Which function should SSL_RestartHandshake* call if we're blocked? |
829 * One of NULL, ssl3_SendClientSecondRound, ssl3_FinishHandshake, | 876 * One of NULL, ssl3_SendClientSecondRound, ssl3_FinishHandshake, |
830 * or ssl3_AlwaysFail */ | 877 * or ssl3_AlwaysFail */ |
831 sslRestartTarget restartTarget; | 878 sslRestartTarget restartTarget; |
832 /* Shared state between ssl3_HandleFinished and ssl3_FinishHandshake */ | 879 /* Shared state between ssl3_HandleFinished and ssl3_FinishHandshake */ |
833 PRBool cacheSID; | 880 PRBool cacheSID; |
881 | |
882 /* This group of values is used for DTLS */ | |
883 PRUint16 sendMessageSeq; /* The sending message sequence numbe r*/ | |
884 PRCList * lastMessageFlight; /* The last message flight we sent. This | |
885 * is a pointer because ssl_FreeSoc ket | |
886 * relocates the structure in DEBUG mode | |
887 * which messes up the list macros */ | |
888 PRUint16 maxMessageSent; /* The largest message we sent */ | |
889 PRUint16 recvMessageSeq; /* The receiving message sequence num ber*/ | |
890 sslBuffer recvdFragments; /* The fragments we have received in a bitmask */ | |
891 PRInt32 recvdHighWater; /* The high water mark for fragments received | |
892 * -1 means no reassembly in progress . */ | |
893 unsigned char cookie[32]; /* The cookie */ | |
894 unsigned char cookieLen; /* The length of the cookie*/ | |
895 PRIntervalTime rtTimerStarted; /* When the timer was started */ | |
896 DtlsTimerCb rtTimerCb; /* The timer to call on expiry */ | |
wtc
2012/03/21 01:22:07
Nit: this comment should read "The function to cal
ekr
2012/03/21 01:36:40
Agreed.
| |
897 PRUint32 rtTimeoutMs; /* The length of the current timeout | |
898 * used for backoff (in ms)*/ | |
899 PRUint32 rtRetries; /* The retry counter */ | |
wtc
2012/03/21 01:22:07
In the names of these members, "rt" stands for "re
ekr
2012/03/21 01:36:40
Correct.
| |
834 } SSL3HandshakeState; | 900 } SSL3HandshakeState; |
835 | 901 |
836 | 902 |
837 | 903 |
838 /* | 904 /* |
839 ** This is the "ssl3" struct, as in "ss->ssl3". | 905 ** This is the "ssl3" struct, as in "ss->ssl3". |
840 ** note: | 906 ** note: |
841 ** usually, crSpec == cwSpec and prSpec == pwSpec. | 907 ** usually, crSpec == cwSpec and prSpec == pwSpec. |
842 ** Sometimes, crSpec == pwSpec and prSpec == cwSpec. | 908 ** Sometimes, crSpec == pwSpec and prSpec == cwSpec. |
843 ** But there are never more than 2 actual specs. | 909 ** But there are never more than 2 actual specs. |
875 /* used by server. trusted CAs for this socket. */ | 941 /* used by server. trusted CAs for this socket. */ |
876 PRBool initialized; | 942 PRBool initialized; |
877 SSL3HandshakeState hs; | 943 SSL3HandshakeState hs; |
878 ssl3CipherSpec specs[2]; /* one is current, one is pending. */ | 944 ssl3CipherSpec specs[2]; /* one is current, one is pending. */ |
879 | 945 |
880 /* In a client: if the server supports Next Protocol Negotiation, then | 946 /* In a client: if the server supports Next Protocol Negotiation, then |
881 * this is the protocol that was negotiated. | 947 * this is the protocol that was negotiated. |
882 */ | 948 */ |
883 SECItem nextProto; | 949 SECItem nextProto; |
884 SSLNextProtoState nextProtoState; | 950 SSLNextProtoState nextProtoState; |
951 PRUint16 mtu; /* Our estimate of the MTU */ | |
885 }; | 952 }; |
886 | 953 |
954 #define DTLS_MAX_MTU (1500) /* Ethernet MTU but without subtracting the he aders, | |
955 * so slightly larger than expected */ | |
956 #define IS_DTLS(ss) (ss->protocolVariant == ssl_variant_datagram) | |
957 | |
958 | |
887 typedef struct { | 959 typedef struct { |
888 SSL3ContentType type; | 960 SSL3ContentType type; |
889 SSL3ProtocolVersion version; | 961 SSL3ProtocolVersion version; |
962 SSL3SequenceNumber seq_num; /* DTLS only */ | |
890 sslBuffer * buf; | 963 sslBuffer * buf; |
891 } SSL3Ciphertext; | 964 } SSL3Ciphertext; |
892 | 965 |
893 struct ssl3KeyPairStr { | 966 struct ssl3KeyPairStr { |
894 SECKEYPrivateKey * privKey; | 967 SECKEYPrivateKey * privKey; |
895 SECKEYPublicKey * pubKey; | 968 SECKEYPublicKey * pubKey; |
896 PRInt32 refCount; /* use PR_Atomic calls for this. */ | 969 PRInt32 refCount; /* use PR_Atomic calls for this. */ |
897 }; | 970 }; |
898 | 971 |
899 typedef struct SSLWrappedSymWrappingKeyStr { | 972 typedef struct SSLWrappedSymWrappingKeyStr { |
1076 unsigned long handshakeBegun; | 1149 unsigned long handshakeBegun; |
1077 unsigned long lastWriteBlocked; | 1150 unsigned long lastWriteBlocked; |
1078 unsigned long recvdCloseNotify; /* received SSL EOF. */ | 1151 unsigned long recvdCloseNotify; /* received SSL EOF. */ |
1079 unsigned long TCPconnected; | 1152 unsigned long TCPconnected; |
1080 unsigned long appDataBuffered; | 1153 unsigned long appDataBuffered; |
1081 unsigned long peerRequestedProtection; /* from old renegotiation */ | 1154 unsigned long peerRequestedProtection; /* from old renegotiation */ |
1082 | 1155 |
1083 /* version of the protocol to use */ | 1156 /* version of the protocol to use */ |
1084 SSL3ProtocolVersion version; | 1157 SSL3ProtocolVersion version; |
1085 SSL3ProtocolVersion clientHelloVersion; /* version sent in client hello. */ | 1158 SSL3ProtocolVersion clientHelloVersion; /* version sent in client hello. */ |
1086 | |
1087 sslSecurityInfo sec; /* not a pointer any more */ | 1159 sslSecurityInfo sec; /* not a pointer any more */ |
1088 | 1160 |
1089 /* protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock. */ | 1161 /* protected by firstHandshakeLock AND (in ssl3) ssl3HandshakeLock. */ |
1090 const char *url; /* ssl 2 & 3 */ | 1162 const char *url; /* ssl 2 & 3 */ |
1091 | 1163 |
1092 sslHandshakeFunc handshake; /*firstHandshakeLock*/ | 1164 sslHandshakeFunc handshake; /*firstHandshakeLock*/ |
1093 sslHandshakeFunc nextHandshake; /*firstHandshakeLock*/ | 1165 sslHandshakeFunc nextHandshake; /*firstHandshakeLock*/ |
1094 sslHandshakeFunc securityHandshake; /*firstHandshakeLock*/ | 1166 sslHandshakeFunc securityHandshake; /*firstHandshakeLock*/ |
1095 | 1167 |
1096 /* the following variable is only used with socks or other proxies. */ | 1168 /* the following variable is only used with socks or other proxies. */ |
1181 | 1253 |
1182 /* SSL3 state info. Formerly was a pointer */ | 1254 /* SSL3 state info. Formerly was a pointer */ |
1183 ssl3State ssl3; | 1255 ssl3State ssl3; |
1184 | 1256 |
1185 /* | 1257 /* |
1186 * TLS extension related data. | 1258 * TLS extension related data. |
1187 */ | 1259 */ |
1188 /* True when the current session is a stateless resume. */ | 1260 /* True when the current session is a stateless resume. */ |
1189 PRBool statelessResume; | 1261 PRBool statelessResume; |
1190 TLSExtensionData xtnData; | 1262 TLSExtensionData xtnData; |
1263 | |
1264 /* Whether we are doing stream or datagram mode */ | |
1265 SSLProtocolVariant protocolVariant; | |
1191 }; | 1266 }; |
1192 | 1267 |
1193 | 1268 |
1194 | 1269 |
1195 /* All the global data items declared here should be protected using the | 1270 /* All the global data items declared here should be protected using the |
1196 ** ssl_global_data_lock, which is a reader/writer lock. | 1271 ** ssl_global_data_lock, which is a reader/writer lock. |
1197 */ | 1272 */ |
1198 extern NSSRWLock * ssl_global_data_lock; | 1273 extern NSSRWLock * ssl_global_data_lock; |
1199 extern char ssl_debug; | 1274 extern char ssl_debug; |
1200 extern char ssl_trace; | 1275 extern char ssl_trace; |
1314 | 1389 |
1315 extern PRBool ssl_FdIsBlocking(PRFileDesc *fd); | 1390 extern PRBool ssl_FdIsBlocking(PRFileDesc *fd); |
1316 | 1391 |
1317 extern PRBool ssl_SocketIsBlocking(sslSocket *ss); | 1392 extern PRBool ssl_SocketIsBlocking(sslSocket *ss); |
1318 | 1393 |
1319 extern void ssl3_SetAlwaysBlock(sslSocket *ss); | 1394 extern void ssl3_SetAlwaysBlock(sslSocket *ss); |
1320 | 1395 |
1321 extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled); | 1396 extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled); |
1322 | 1397 |
1323 extern PRBool ssl3_CanFalseStart(sslSocket *ss); | 1398 extern PRBool ssl3_CanFalseStart(sslSocket *ss); |
1399 extern PRInt32 ssl3_SendRecord(sslSocket *ss, DTLSEpoch epoch, | |
1400 SSL3ContentType type, | |
1401 const SSL3Opaque* pIn, PRInt32 nIn, | |
1402 PRInt32 flags); | |
1403 | |
1404 #ifdef NSS_ENABLE_ZLIB | |
1405 /* | |
1406 * The DEFLATE algorithm can result in an expansion of 0.1% + 12 bytes. For a | |
1407 * maximum TLS record payload of 2**14 bytes, that's 29 bytes. | |
1408 */ | |
1409 #define SSL3_COMPRESSION_MAX_EXPANSION 29 | |
1410 #else /* !NSS_ENABLE_ZLIB */ | |
1411 #define SSL3_COMPRESSION_MAX_EXPANSION 0 | |
1412 #endif | |
1413 | |
1414 /* | |
1415 * make sure there is room in the write buffer for padding and | |
1416 * other compression and cryptographic expansions. | |
1417 */ | |
1418 #define SSL3_BUFFER_FUDGE 100 + SSL3_COMPRESSION_MAX_EXPANSION | |
1419 | |
1324 | 1420 |
1325 #define SSL_LOCK_READER(ss) if (ss->recvLock) PZ_Lock(ss->recvLock) | 1421 #define SSL_LOCK_READER(ss) if (ss->recvLock) PZ_Lock(ss->recvLock) |
1326 #define SSL_UNLOCK_READER(ss) if (ss->recvLock) PZ_Unlock(ss->recvLock ) | 1422 #define SSL_UNLOCK_READER(ss) if (ss->recvLock) PZ_Unlock(ss->recvLock ) |
1327 #define SSL_LOCK_WRITER(ss) if (ss->sendLock) PZ_Lock(ss->sendLock) | 1423 #define SSL_LOCK_WRITER(ss) if (ss->sendLock) PZ_Lock(ss->sendLock) |
1328 #define SSL_UNLOCK_WRITER(ss) if (ss->sendLock) PZ_Unlock(ss->sendLock ) | 1424 #define SSL_UNLOCK_WRITER(ss) if (ss->sendLock) PZ_Unlock(ss->sendLock ) |
1329 | 1425 |
1330 /* firstHandshakeLock -> recvBufLock */ | 1426 /* firstHandshakeLock -> recvBufLock */ |
1331 #define ssl_Get1stHandshakeLock(ss) \ | 1427 #define ssl_Get1stHandshakeLock(ss) \ |
1332 { if (!ss->opt.noLocks) { \ | 1428 { if (!ss->opt.noLocks) { \ |
1333 PORT_Assert(PZ_InMonitor((ss)->firstHandshakeLock) || \ | 1429 PORT_Assert(PZ_InMonitor((ss)->firstHandshakeLock) || \ |
1429 * for dealing with SSL 3.0 clients sending SSL 2.0 format hellos | 1525 * for dealing with SSL 3.0 clients sending SSL 2.0 format hellos |
1430 */ | 1526 */ |
1431 extern SECStatus ssl3_HandleV2ClientHello( | 1527 extern SECStatus ssl3_HandleV2ClientHello( |
1432 sslSocket *ss, unsigned char *buffer, int length); | 1528 sslSocket *ss, unsigned char *buffer, int length); |
1433 extern SECStatus ssl3_StartHandshakeHash( | 1529 extern SECStatus ssl3_StartHandshakeHash( |
1434 sslSocket *ss, unsigned char *buf, int length); | 1530 sslSocket *ss, unsigned char *buf, int length); |
1435 | 1531 |
1436 /* | 1532 /* |
1437 * SSL3 specific routines | 1533 * SSL3 specific routines |
1438 */ | 1534 */ |
1439 SECStatus ssl3_SendClientHello(sslSocket *ss); | 1535 SECStatus ssl3_SendClientHello(sslSocket *ss, PRBool resending); |
1440 | 1536 |
1441 /* | 1537 /* |
1442 * input into the SSL3 machinery from the actualy network reading code | 1538 * input into the SSL3 machinery from the actualy network reading code |
1443 */ | 1539 */ |
1444 SECStatus ssl3_HandleRecord( | 1540 SECStatus ssl3_HandleRecord( |
1445 sslSocket *ss, SSL3Ciphertext *cipher, sslBuffer *out); | 1541 sslSocket *ss, SSL3Ciphertext *cipher, sslBuffer *out); |
1446 | 1542 |
1447 int ssl3_GatherAppDataRecord(sslSocket *ss, int flags); | 1543 int ssl3_GatherAppDataRecord(sslSocket *ss, int flags); |
1448 int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags); | 1544 int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags); |
1449 /* | 1545 /* |
1524 extern SECStatus ssl2_SetPolicy(PRInt32 which, PRInt32 policy); | 1620 extern SECStatus ssl2_SetPolicy(PRInt32 which, PRInt32 policy); |
1525 extern SECStatus ssl2_GetPolicy(PRInt32 which, PRInt32 *policy); | 1621 extern SECStatus ssl2_GetPolicy(PRInt32 which, PRInt32 *policy); |
1526 | 1622 |
1527 extern void ssl2_InitSocketPolicy(sslSocket *ss); | 1623 extern void ssl2_InitSocketPolicy(sslSocket *ss); |
1528 extern void ssl3_InitSocketPolicy(sslSocket *ss); | 1624 extern void ssl3_InitSocketPolicy(sslSocket *ss); |
1529 | 1625 |
1530 extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, | 1626 extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, |
1531 unsigned char *cs, int *size); | 1627 unsigned char *cs, int *size); |
1532 | 1628 |
1533 extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache); | 1629 extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache); |
1630 extern SECStatus ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, | |
1631 PRUint32 length); | |
1534 | 1632 |
1535 extern void ssl3_DestroySSL3Info(sslSocket *ss); | 1633 extern void ssl3_DestroySSL3Info(sslSocket *ss); |
1536 | 1634 |
1537 extern SECStatus ssl3_NegotiateVersion(sslSocket *ss, | 1635 extern SECStatus ssl3_NegotiateVersion(sslSocket *ss, |
1538 SSL3ProtocolVersion peerVersion, | 1636 SSL3ProtocolVersion peerVersion, |
1539 PRBool allowLargerPeerVersion); | 1637 PRBool allowLargerPeerVersion); |
1540 | 1638 |
1541 extern SECStatus ssl_GetPeerInfo(sslSocket *ss); | 1639 extern SECStatus ssl_GetPeerInfo(sslSocket *ss); |
1542 | 1640 |
1543 #ifdef NSS_ENABLE_ECC | 1641 #ifdef NSS_ENABLE_ECC |
1673 | 1771 |
1674 /* Decrement keypair's ref count and free if zero. */ | 1772 /* Decrement keypair's ref count and free if zero. */ |
1675 extern void ssl3_FreeKeyPair(ssl3KeyPair * keyPair); | 1773 extern void ssl3_FreeKeyPair(ssl3KeyPair * keyPair); |
1676 | 1774 |
1677 /* calls for accessing wrapping keys across processes. */ | 1775 /* calls for accessing wrapping keys across processes. */ |
1678 extern PRBool | 1776 extern PRBool |
1679 ssl_GetWrappingKey( PRInt32 symWrapMechIndex, | 1777 ssl_GetWrappingKey( PRInt32 symWrapMechIndex, |
1680 SSL3KEAType exchKeyType, | 1778 SSL3KEAType exchKeyType, |
1681 SSLWrappedSymWrappingKey *wswk); | 1779 SSLWrappedSymWrappingKey *wswk); |
1682 | 1780 |
1781 /* Generate an error */ | |
1782 extern SECStatus ssl3_DecodeError(sslSocket *ss); | |
1783 | |
1683 /* The caller passes in the new value it wants | 1784 /* The caller passes in the new value it wants |
1684 * to set. This code tests the wrapped sym key entry in the file on disk. | 1785 * to set. This code tests the wrapped sym key entry in the file on disk. |
1685 * If it is uninitialized, this function writes the caller's value into | 1786 * If it is uninitialized, this function writes the caller's value into |
1686 * the disk entry, and returns false. | 1787 * the disk entry, and returns false. |
1687 * Otherwise, it overwrites the caller's wswk with the value obtained from | 1788 * Otherwise, it overwrites the caller's wswk with the value obtained from |
1688 * the disk, and returns PR_TRUE. | 1789 * the disk, and returns PR_TRUE. |
1689 * This is all done while holding the locks/semaphores necessary to make | 1790 * This is all done while holding the locks/semaphores necessary to make |
1690 * the operation atomic. | 1791 * the operation atomic. |
1691 */ | 1792 */ |
1692 extern PRBool | 1793 extern PRBool |
(...skipping 24 matching lines...)
1717 // Converts a CERTCertList* (A collection of CERTCertificates) into a | 1818 // Converts a CERTCertList* (A collection of CERTCertificates) into a |
1718 // CERTCertificateList* (A collection of SECItems), or returns NULL if | 1819 // CERTCertificateList* (A collection of SECItems), or returns NULL if |
1719 // it cannot be converted. | 1820 // it cannot be converted. |
1720 // This is to allow the platform-supplied chain to be created with purely | 1821 // This is to allow the platform-supplied chain to be created with purely |
1721 // public API functions, using the preferred CERTCertList mutators, rather | 1822 // public API functions, using the preferred CERTCertList mutators, rather |
1722 // pushing this hack to clients. | 1823 // pushing this hack to clients. |
1723 extern CERTCertificateList* hack_NewCertificateListFromCertList( | 1824 extern CERTCertificateList* hack_NewCertificateListFromCertList( |
1724 CERTCertList* list); | 1825 CERTCertList* list); |
1725 #endif /* NSS_PLATFORM_CLIENT_AUTH */ | 1826 #endif /* NSS_PLATFORM_CLIENT_AUTH */ |
1726 | 1827 |
1828 /**************** DTLS-specific functions **************/ | |
1829 extern void dtls_FreeQueuedMessage(DTLSQueuedMessage *msg); | |
1830 extern void dtls_FreeQueuedMessages(PRCList *lst); | |
1831 extern void dtls_FreeHandshakeMessages(PRCList *lst); | |
1832 | |
1833 extern SECStatus dtls_HandleHandshake(sslSocket *ss, | |
1834 sslBuffer *origBuf); | |
1835 extern SECStatus dtls_HandleHelloVerifyRequest(sslSocket *ss, | |
1836 SSL3Opaque *b, PRUint32 length); | |
1837 extern SECStatus dtls_StageHandshakeMessage(sslSocket *ss); | |
1838 extern SECStatus dtls_QueueMessage(sslSocket *ss, SSL3ContentType type, | |
1839 const SSL3Opaque *pIn, PRInt32 nIn); | |
1840 extern SECStatus dtls_FlushHandshakeMessages(sslSocket *ss, | |
1841 PRInt32 flags); | |
1842 extern SECStatus dtls_CompressMACEncryptRecord(sslSocket *ss, | |
1843 DTLSEpoch epoch, PRBool use_epoch , | |
1844 SSL3ContentType type, const SSL3O paque * pIn, | |
1845 PRUint32 contentLen, | |
1846 sslBuffer * wrBuf); | |
1847 SECStatus ssl3_DisableNonDTLSSuites(sslSocket * ss); | |
1848 extern SECStatus dtls_StartTimer(sslSocket *ss, DtlsTimerCb cb); | |
1849 extern SECStatus dtls_RestartTimer(sslSocket *ss, PRBool backoff, | |
1850 DtlsTimerCb cb); | |
1851 extern void dtls_CheckTimer(sslSocket *ss); | |
1852 extern void dtls_CancelTimer(sslSocket *ss); | |
1853 extern void dtls_FinishedTimerCb(sslSocket *ss); | |
1854 extern void dtls_SetMTU(sslSocket *ss, PRUint16 advertised); | |
1855 extern void dtls_InitRecvdRecords(DTLSRecvdRecords *records); | |
1856 extern int dtls_RecordGetRecvd(DTLSRecvdRecords *records, PRUint64 seq); | |
1857 extern void dtls_RecordSetRecvd(DTLSRecvdRecords *records, PRUint64 seq); | |
1858 extern SSL3ProtocolVersion | |
1859 dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion ttlsv); | |
1860 extern SSL3ProtocolVersion | |
1861 dtls_DTLSVersionToTLSVersion(SSL3ProtocolVersion dtlsv); | |
1862 | |
1727 /********************** misc calls *********************/ | 1863 /********************** misc calls *********************/ |
1728 | 1864 |
1729 extern int ssl_MapLowLevelError(int hiLevelError); | 1865 extern int ssl_MapLowLevelError(int hiLevelError); |
1730 | 1866 |
1731 extern PRUint32 ssl_Time(void); | 1867 extern PRUint32 ssl_Time(void); |
1732 | 1868 |
1733 extern void SSL_AtomicIncrementLong(long * x); | 1869 extern void SSL_AtomicIncrementLong(long * x); |
1734 | 1870 |
1735 SECStatus SSL_DisableDefaultExportCipherSuites(void); | 1871 SECStatus SSL_DisableDefaultExportCipherSuites(void); |
1736 SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd); | 1872 SECStatus SSL_DisableExportCipherSuites(PRFileDesc * fd); |
1737 PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite); | 1873 PRBool SSL_IsExportCipherSuite(PRUint16 cipherSuite); |
1738 | |
1739 extern SECStatus | 1874 extern SECStatus |
1740 ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, | 1875 ssl3_TLSPRFWithMasterSecret(ssl3CipherSpec *spec, |
1741 const char *label, unsigned int labelLen, | 1876 const char *label, unsigned int labelLen, |
1742 const unsigned char *val, unsigned int valLen, | 1877 const unsigned char *val, unsigned int valLen, |
1743 unsigned char *out, unsigned int outLen); | 1878 unsigned char *out, unsigned int outLen); |
1744 | 1879 |
1880 | |
1881 /****************** Exposed for DTLS ********************/ | |
1882 extern SECStatus | |
1883 ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec, | |
1884 PRBool isServer, | |
1885 PRBool isDtls, | |
1886 SSL3ContentType type, | |
1887 const SSL3Opaque * pIn, | |
1888 PRUint32 contentLen, | |
1889 sslBuffer * wrBuf); | |
1890 extern void ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName); | |
1891 extern const ssl3CipherSuiteDef *ssl_LookupCipherSuiteDef(ssl3CipherSuite | |
1892 suite); | |
1893 extern void dtls_RehandshakeCleanup(sslSocket *ss); | |
1894 | |
1895 | |
1745 #ifdef TRACE | 1896 #ifdef TRACE |
1746 #define SSL_TRACE(msg) ssl_Trace msg | 1897 #define SSL_TRACE(msg) ssl_Trace msg |
1747 #else | 1898 #else |
1748 #define SSL_TRACE(msg) | 1899 #define SSL_TRACE(msg) |
1749 #endif | 1900 #endif |
1750 | 1901 |
1751 void ssl_Trace(const char *format, ...); | 1902 void ssl_Trace(const char *format, ...); |
1752 | 1903 |
1753 SEC_END_PROTOS | 1904 SEC_END_PROTOS |
1754 | 1905 |
1755 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) | 1906 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) |
1756 #define SSL_GETPID getpid | 1907 #define SSL_GETPID getpid |
1757 #elif defined(_WIN32_WCE) | 1908 #elif defined(_WIN32_WCE) |
1758 #define SSL_GETPID GetCurrentProcessId | 1909 #define SSL_GETPID GetCurrentProcessId |
1759 #elif defined(WIN32) | 1910 #elif defined(WIN32) |
1760 extern int __cdecl _getpid(void); | 1911 extern int __cdecl _getpid(void); |
1761 #define SSL_GETPID _getpid | 1912 #define SSL_GETPID _getpid |
1762 #else | 1913 #else |
1763 #define SSL_GETPID() 0 | 1914 #define SSL_GETPID() 0 |
1764 #endif | 1915 #endif |
1765 | 1916 |
1766 #endif /* __sslimpl_h_ */ | 1917 #endif /* __sslimpl_h_ */ |